Riverstone Networks WICT1-12 User Manual


Riverstone Networks RS Switch Router User Guide Release 8.0 25-11

Security Configuration

Layer-2 Security Filters

or

filters add static-entry name login-mcasts dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.2 restriction allow

Flow static entry: Restrict "login multicasts" originating from the consultant from reaching the finance servers.

filters add static-entry name consult-to-mcasts source-mac 001122:334455 dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.3 restriction disallow

Port-to-Address Lock Examples

You have configured some filters for the consultant on port et.1.1. If the consultant plugs his laptop into a different port, he will bypass the filters. To lock him to port et.1.1, use the following command:

filters add port-address-lock name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1

Note

If the consultant’s MAC is detected on a different port, all of its traffic will be blocked.

Example 2: Secure Ports

Source secure port: To block all engineers on port 1 from accessing all other ports, enter the following command:

filters add secure-port name engineers direction source vlan 1 in-port-list et.1.1
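The bypass described under Port-to-Address Lock Examples (a source-MAC filter tied to one port, with nothing locking that MAC to the port) can be checked for in a saved configuration. The following is an added example, not part of the Riverstone guide: it assumes the flat keyword/value form of the filters add commands shown on this page, and the guest-block entry with MAC 00aabb:ccddee is constructed sample data.

```python
# Constructed sample config, using only the command forms shown on this page.
# The "guest-block" entry and its MAC are made up for the example.
SAMPLE_CONFIG = """\
filters add static-entry name consult-to-mcasts source-mac 001122:334455 dest-mac 010000:334455 vlan 1 in-port-list et.1.1 out-port-list et.1.3 restriction disallow
filters add static-entry name guest-block source-mac 00aabb:ccddee dest-mac 010000:334455 vlan 1 in-port-list et.1.2 out-port-list et.1.3 restriction disallow
filters add port-address-lock name consultant source-mac 001122:334455 vlan 1 in-port-list et.1.1
filters add secure-port name engineers direction source vlan 1 in-port-list et.1.1
"""


def parse_filters(config_text):
    """Parse 'filters add <type> key value ...' lines into dicts."""
    parsed = []
    for line in config_text.splitlines():
        tokens = line.split()
        if len(tokens) < 3 or tokens[:2] != ["filters", "add"]:
            continue
        args = tokens[3:]
        entry = {"type": tokens[2]}
        # Assumption: arguments are flat keyword/value pairs, as on this page.
        entry.update(zip(args[0::2], args[1::2]))
        parsed.append(entry)
    return parsed


def unlocked_source_filters(config_text):
    """Names of source-MAC static entries whose MAC is not locked to that port."""
    filters = parse_filters(config_text)
    # Assumption: in-port-list values are compared as exact strings.
    locks = {
        (f.get("source-mac", "").lower(), f.get("vlan"), f.get("in-port-list"))
        for f in filters
        if f["type"] == "port-address-lock"
    }
    findings = []
    for f in filters:
        if f["type"] != "static-entry" or "source-mac" not in f:
            continue
        key = (f["source-mac"].lower(), f.get("vlan"), f.get("in-port-list"))
        if key not in locks:
            findings.append(f.get("name", "?"))
    return findings


if __name__ == "__main__":
    for name in unlocked_source_filters(SAMPLE_CONFIG):
        print(f"filter '{name}': source MAC is not locked to its in-port-list")
```
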
